You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat

You will first be presented with a warning and a list of forums to seek help at.
it should look like this

VundoFix V2.15 by Atri
By pressing enter you agree that you are using this at your own risk

At this point press enter one time.

Next you will see:

Type in the filepath as instructed by the forum staff
Then Press Enter

At this point please type the following file path (make sure to enter it exactly as below!):

C:\WINDOWS\System32\ssqpq.dll

Press Enter,

Next you will see:

Please type in the second filepath as instructed by the forum staff
Then Press Enter,

At this point please type the following file path (make sure to enter it exactly as below!): C:\WINDOWS\system32\qpqss.*
If you have a script blocker running, you may get a warning about a malicious script. Allow the script to run. It is not malicious.

The fix will run then HijackThis will open.

In HijackThis, please place a check next to the following items and click FIX CHECKED:
O2 - BHO: ATLDistrib Object - {7A1A109F-58B3-414B-9829-5F4D9BE5FEDE} - C:\WINDOWS\System32\ssqpq.dll

O20 - Winlogon Notify: ssqpq - C:\WINDOWS\System32\ssqpq.dll

O20 - Winlogon Notify: ssqrq - ssqrq.dll (file missing)

After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.

Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!

Once your machine reboots please continue with the instructions below.

After I was done in Safe Mode, it wouldn't let me reboot; I was pressing every key but nothing was happening so I rebooted manually by holding the power button. Does that affect it at all? Anyways, here's the information that you wanted:

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)· Install ewido.· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".· Launch ewido· It will prompt you to update click the OK button and it will go to the main screen· On the left side of the main screen click update· Click on Start and let it update.· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:(Start tapping F8 at the first black screen after power up)

Run Ewido:· Click on scanner· Click Complete System Scan and the scan will begin.· During the scan it will prompt you to clean files, click OK· When the scan is finished, look at the bottom of the screen and click the Save report button.· Save the report to your C: DriveThis will take some time to run!Boot to normal modePost that log and a new HiJack log – If the Ewido log is too large attach it.

START – RUN – type in %temp% OK - Edit – Select all – File – DeleteDelete everything in the C:\Windows\Temp folder or C:\WINNT\tempEmpty the recycle binBoot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system=============To Further clean and protect you